jenkins/sap-jenkins-library
1
0
Fork 0
mirror of https://github.com/SAP/jenkins-library.git synced 2025-03-03 15:02:35 +02:00
Code Issues Releases Activity

fix(fortifyExecuteScan): Throw error on classpath detection issues (#2876)

Browse Source 
* Update fortifyExecuteScan.go

* Raise error to the top level

* Update fortifyExecuteScan.go

* Update fortifyExecuteScan.go

* Fix code and test

* Add tests

* Fix test

* Last attempt
This commit is contained in:
Sven Merk 2021-06-16 08:15:41 +02:00 committed by GitHub
parent 367ca6211a
commit 07b90dc10b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cmd/fortifyExecuteScan.go
View File

@ -621,7 +621,7 @@ func autoresolvePipClasspath(executable string, parameters []string, file string
return readClasspathFile(file), nil return readClasspathFile(file), nil
} }
func autoresolveMavenClasspath(config fortifyExecuteScanOptions, file string, utils fortifyUtils) string { func autoresolveMavenClasspath(config fortifyExecuteScanOptions, file string, utils fortifyUtils) (string, error) {
if filepath.IsAbs(file) { if filepath.IsAbs(file) {
log.Entry().Warnf("Passing an absolute path for -Dmdep.outputFile results in the classpath only for the last module in multi-module maven projects.") log.Entry().Warnf("Passing an absolute path for -Dmdep.outputFile results in the classpath only for the last module in multi-module maven projects.")
} }
@ -636,9 +636,10 @@ func autoresolveMavenClasspath(config fortifyExecuteScanOptions, file string, ut
} }
_, err := maven.Execute(&executeOptions, utils) _, err := maven.Execute(&executeOptions, utils)
if err != nil { if err != nil {
log.Entry().WithError(err).Warn("failed to determine classpath using Maven") log.Entry().WithError(err).Error("failed to determine classpath using Maven")
return "", err
} }
return readAllClasspathFiles(file) return readAllClasspathFiles(file), nil
} }
// readAllClasspathFiles tests whether the passed file is an absolute path. If not, it will glob for // readAllClasspathFiles tests whether the passed file is an absolute path. If not, it will glob for
@ -707,7 +708,10 @@ func triggerFortifyScan(config fortifyExecuteScanOptions, utils fortifyUtils, bu
classpath := "" classpath := ""
if config.BuildTool == "maven" { if config.BuildTool == "maven" {
if config.AutodetectClasspath { if config.AutodetectClasspath {
classpath = autoresolveMavenClasspath(config, classpathFileName, utils) classpath, err = autoresolveMavenClasspath(config, classpathFileName, utils)
if err != nil {
return err
}
} }
config.Translate, err = populateMavenTranslate(&config, classpath) config.Translate, err = populateMavenTranslate(&config, classpath)
if err != nil { if err != nil {

37
cmd/fortifyExecuteScan_test.go
View File

@ -336,7 +336,13 @@ func (er *execRunnerMock) RunExecutable(e string, p ...string) error {
classpathPip := "/usr/lib/python35.zip;/usr/lib/python3.5;/usr/lib/python3.5/plat-x86_64-linux-gnu;/usr/lib/python3.5/lib-dynload;/home/piper/.local/lib/python3.5/site-packages;/usr/local/lib/python3.5/dist-packages;/usr/lib/python3/dist-packages;./lib" classpathPip := "/usr/lib/python35.zip;/usr/lib/python3.5;/usr/lib/python3.5/plat-x86_64-linux-gnu;/usr/lib/python3.5/lib-dynload;/home/piper/.local/lib/python3.5/site-packages;/usr/local/lib/python3.5/dist-packages;/usr/lib/python3/dist-packages;./lib"
classpathMaven := "some.jar;someother.jar" classpathMaven := "some.jar;someother.jar"
if e == "python2" { if e == "python2" {
er.currentExecution().outWriter.Write([]byte(classpathPip)) if p[1] == "invalid" {
return errors.New("Invalid command")
}
_, err := er.currentExecution().outWriter.Write([]byte(classpathPip))
if err != nil {
return err
}
} else if e == "mvn" { } else if e == "mvn" {
path := strings.ReplaceAll(p[2], "-Dmdep.outputFile=", "") path := strings.ReplaceAll(p[2], "-Dmdep.outputFile=", "")
err := ioutil.WriteFile(path, []byte(classpathMaven), 0644) err := ioutil.WriteFile(path, []byte(classpathMaven), 0644)
@ -820,6 +826,25 @@ func TestAutoresolveClasspath(t *testing.T) {
assert.Equal(t, "/usr/lib/python35.zip;/usr/lib/python3.5;/usr/lib/python3.5/plat-x86_64-linux-gnu;/usr/lib/python3.5/lib-dynload;/home/piper/.local/lib/python3.5/site-packages;/usr/local/lib/python3.5/dist-packages;/usr/lib/python3/dist-packages;./lib", result, "Expected different result") assert.Equal(t, "/usr/lib/python35.zip;/usr/lib/python3.5;/usr/lib/python3.5/plat-x86_64-linux-gnu;/usr/lib/python3.5/lib-dynload;/home/piper/.local/lib/python3.5/site-packages;/usr/local/lib/python3.5/dist-packages;/usr/lib/python3/dist-packages;./lib", result, "Expected different result")
}) })
t.Run("error pip file", func(t *testing.T) {
utils := newFortifyTestUtilsBundle()
_, err := autoresolvePipClasspath("python2", []string{"-c", "import sys;p=sys.path;p.remove('');print(';'.join(p))"}, "../.", &utils)
assert.Error(t, err)
})
t.Run("error pip command", func(t *testing.T) {
utils := newFortifyTestUtilsBundle()
dir, err := ioutil.TempDir("", "classpath")
assert.NoError(t, err, "Unexpected error detected")
defer os.RemoveAll(dir)
file := filepath.Join(dir, "cp.txt")
_, err = autoresolvePipClasspath("python2", []string{"-c", "invalid"}, file, &utils)
assert.Error(t, err)
assert.Equal(t, "failed to run classpath autodetection command python2 with parameters [-c invalid]: Invalid command", err.Error())
})
t.Run("success maven", func(t *testing.T) { t.Run("success maven", func(t *testing.T) {
utils := newFortifyTestUtilsBundle() utils := newFortifyTestUtilsBundle()
dir, err := ioutil.TempDir("", "classpath") dir, err := ioutil.TempDir("", "classpath")
@ -827,11 +852,19 @@ func TestAutoresolveClasspath(t *testing.T) {
defer os.RemoveAll(dir) defer os.RemoveAll(dir)
file := filepath.Join(dir, "cp.txt") file := filepath.Join(dir, "cp.txt")
result := autoresolveMavenClasspath(fortifyExecuteScanOptions{BuildDescriptorFile: "pom.xml"}, file, &utils) result, err := autoresolveMavenClasspath(fortifyExecuteScanOptions{BuildDescriptorFile: "pom.xml"}, file, &utils)
assert.NoError(t, err)
assert.Equal(t, "mvn", utils.executions[0].executable, "Expected different executable") assert.Equal(t, "mvn", utils.executions[0].executable, "Expected different executable")
assert.Equal(t, []string{"--file", "pom.xml", fmt.Sprintf("-Dmdep.outputFile=%v", file), "-DincludeScope=compile", "-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn", "--batch-mode", "dependency:build-classpath"}, utils.executions[0].parameters, "Expected different parameters") assert.Equal(t, []string{"--file", "pom.xml", fmt.Sprintf("-Dmdep.outputFile=%v", file), "-DincludeScope=compile", "-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn", "--batch-mode", "dependency:build-classpath"}, utils.executions[0].parameters, "Expected different parameters")
assert.Equal(t, "some.jar;someother.jar", result, "Expected different result") assert.Equal(t, "some.jar;someother.jar", result, "Expected different result")
}) })
t.Run("error maven", func(t *testing.T) {
utils := newFortifyTestUtilsBundle()
_, err := autoresolveMavenClasspath(fortifyExecuteScanOptions{BuildDescriptorFile: "pom.xml"}, "../.", &utils)
assert.Error(t, err)
})
} }
func TestPopulateMavenTranslate(t *testing.T) { func TestPopulateMavenTranslate(t *testing.T) {